Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2004-0707

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

  • Published: Jul 27, 2004
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-0707
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / bugzilla 2.17.6 2.17.6.x
mozilla / bugzilla 2.16.1 2.16.1.x
mozilla / bugzilla 2.16.2 2.16.2.x
mozilla / bugzilla 2.17.4 2.17.4.x
mozilla / bugzilla 2.10 2.10.x
mozilla / bugzilla 2.17.1 2.17.1.x
mozilla / bugzilla 2.16 2.16.x
mozilla / bugzilla 2.14.2 2.14.2.x
mozilla / bugzilla 2.14.3 2.14.3.x
mozilla / bugzilla 2.14.4 2.14.4.x
mozilla / bugzilla 2.6 2.6.x
mozilla / bugzilla 2.17.5 2.17.5.x
mozilla / bugzilla 2.17.3 2.17.3.x
mozilla / bugzilla 2.4 2.4.x
mozilla / bugzilla 2.16.4 2.16.4.x
mozilla / bugzilla 2.12 2.12.x
mozilla / bugzilla 2.8 2.8.x
mozilla / bugzilla 2.16.3 2.16.3.x
mozilla / bugzilla 2.14.5 2.14.5.x
mozilla / bugzilla 2.17.7 2.17.7.x
mozilla / bugzilla 2.17 2.17.x
mozilla / bugzilla 2.14.1 2.14.1.x
mozilla / bugzilla 2.16.5 2.16.5.x
mozilla / bugzilla 2.14 2.14.x